Attack Mitigator IPS 1000
July 01, 2003
Top Layer Networks
Quick to set up and get running as no routing adjustments are needed.
Sits behind the WAN link so can do nothing to stop bandwidth saturation there.
A complementary item designed to work in tandem with other security products.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of-service (DoS) and distributed denial-of-service (DDoS), as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.
With this product came Top Layer's SecureWatch data collector software, used to report on network flow by taking data collected from other Top Layer products within the network.
The box may be deployed between the WAN router and the perimeter firewall of the network, as well as outside the firewall or in front of public-facing servers and internal server farms. It analyses data packets for attacks by comparing them against a range of packet sequence signatures, packet filters, TCP, ICMP and UDP flow counters as well as HTTP URL filters. When the product suspects a dubious packet it pulls it into a 'discard' port for later analysis. This allows for deployment without changing the routing pattern of the network.
Setting up was largely easy to accomplish. The front panel of the appliance houses twelve ports: one each for the internal and external networks, six for other internal and external network segments, and four further ports for management, flow mirroring and 'discarded' packets. Also available are two optical ports for fiber connections.
Installation involved connecting to the box via a serial port to configure initial IP settings on the management LAN. Once set, the box could connect to an isolated management LAN we set up on the test network. From here the browser-based console takes over for the rest of the configuration.
We set the box to 'mitigate' mode to see what kind of possible attacks it could pick up. We tried a SYN flood attack to overload our server behind the Attack Mitigator but failed as the product limits the number of partial TCP connections. As it sat behind the router it was difficult to stop flooding of the WAN link.
The browser console uses a number of filters to protect against these attacks and others like them. Not only does it protect against a single hacking attempt, but it can also carry out connection and bandwidth limiting to groups of servers and from groups of clients.
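A minimal sketch of capping partial (half-open) TCP connections per protected server, the kind of control described in the SYN flood test above. This is an added example, not Top Layer's implementation; the class name, cap, timeout and the constructed trace (documentation-range addresses) are assumptions.

```python
from collections import defaultdict

class HalfOpenLimiter:
    """Hypothetical limiter: caps SYN-seen, handshake-not-completed flows per server."""

    def __init__(self, max_half_open=4, timeout=3.0):
        self.max_half_open = max_half_open   # assumed cap, not a product default
        self.timeout = timeout               # seconds before a stale SYN is forgotten
        self.pending = defaultdict(dict)     # server -> {(client, port): syn_time}

    def _expire(self, server, now):
        table = self.pending[server]
        for flow in [f for f, t in table.items() if now - t > self.timeout]:
            del table[flow]

    def packet(self, now, client, cport, server, flags):
        """Return 'forward' or 'discard' for one client-to-server packet."""
        self._expire(server, now)
        table = self.pending[server]
        flow = (client, cport)
        if flags == "SYN":
            if flow in table:
                return "forward"             # retransmitted SYN, already counted
            if len(table) >= self.max_half_open:
                return "discard"             # cap reached: server never sees this SYN
            table[flow] = now
            return "forward"
        if flags in ("ACK", "RST"):
            table.pop(flow, None)            # handshake completed or aborted
        return "forward"

def run_constructed_trace():
    """Constructed trace: one normal client, a ten-SYN flood, one late client."""
    lim = HalfOpenLimiter(max_half_open=4, timeout=3.0)
    server = "192.0.2.10"
    normal = [lim.packet(0.0, "198.51.100.7", 40000, server, "SYN"),
              lim.packet(0.1, "198.51.100.7", 40000, server, "ACK")]
    # Ten SYNs from distinct sources that never complete the handshake.
    flood = [lim.packet(1.0 + i * 0.01, f"203.0.113.{i + 1}", 1024 + i, server, "SYN")
             for i in range(10)]
    # After the timeout the stale entries age out and a new client is admitted.
    late = lim.packet(5.0, "198.51.100.8", 40001, server, "SYN")
    return normal, flood, late

if __name__ == "__main__":
    print(run_constructed_trace())
```

While the cap is reached, new legitimate SYNs are discarded along with the flood until entries age out, and the limiter protects only the server's connection table, not the upstream link.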
The network-based approach to defense will easily complement a network's firewall and detection systems.